#include "htf_crypto.h"
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <string.h>
#include <stdlib.h>

int htf_crypto_decrypt(const uint8_t* in, size_t in_len,
                       const uint8_t* key, size_t key_len,
                       uint8_t** out, size_t* out_len) {
    if (key_len != 32 || in_len < 12 + 16) return -1;

    *out_len = in_len - 12 - 16;
    *out = (uint8_t*)malloc(*out_len);
    if (!*out) return -2;

    EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
    EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, in);
    int len;
    EVP_DecryptUpdate(ctx, *out, &len, in + 12, *out_len);
    EVP_DecryptFinal_ex(ctx, *out + len, &len);
    EVP_CIPHER_CTX_free(ctx);
    return 0;
}

void htf_crypto_sha256(const void* data, size_t len, uint8_t hash[32]) {
    if (hash) SHA256(data, len, hash);
    // else: just compute for side effect (e.g., audit log)
}